A Chinese state-backed hacking group, known as Salt Typhoon, successfully infiltrated and extensively compromised the Army National Guard network of a US state, according to a Department of Homeland Security (DHS) memo. The breach spanned a nine-month period from March to December 2024 and was reportedly severe in both scale and impact.
The memo, obtained by the nonprofit Property of the People, revealed that Salt Typhoon exfiltrated sensitive data, including digital maps and the compromised network's data traffic with its counterparts in every other US state and at least four US territories.
Neither the National Guard nor the DHS’s cybersecurity arm, CISA, responded to requests for comment. NBC News was the first to report the existence of the internal memo.
Scope of the Breach Raises Alarms Across National Cyber Defense Agencies
The confidential memo, which referenced Pentagon reporting, indicated that Salt Typhoon’s operation went far beyond simple espionage. The breach has prompted serious concerns among US cyber defense officials, who now believe the group is strategically positioning itself to disrupt critical American infrastructure in the event of geopolitical conflict—specifically with China.
While US officials continue to investigate the extent of the damage, Chinese authorities have denied involvement in the intrusions.
“Salt Typhoon’s ability to penetrate multiple National Guard networks could undermine local cybersecurity efforts to protect critical infrastructure,” the memo stated.
The report emphasized that Army National Guard units often work closely with state fusion centers—entities tasked with managing the flow of threat intelligence, including cyber threat data. This integration means a compromise in one area can ripple across wider threat detection and response frameworks at both state and federal levels.